A

A document that defines who can access a particular bucket or object. Each bucket and object in Amazon S3 has an ACL. The
document defines what each type of user can do, such as write and read
permissions.

The combination of an access key ID (like AKIAIOSFODNN7EXAMPLE) and a secret access key (like
wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY). You use access keys
to sign API requests that you make to AWS.

access key ID

A unique identifier that's associated with a secret access key; the access key ID and secret access key
are used together to sign programmatic AWS requests cryptographically.

access key rotation

A method to increase security by changing the AWS access key ID. This method
enables you to retire an old key at your discretion.

access policy language

A language for writing documents (that is, policies) that specify
who can access a particular AWS resource and under what conditions.

account

A formal relationship with AWS that is associated with (1) the owner email
address and password, (2) the control of resources created under its umbrella, and (3) payment for
the AWS activity related to those resources. The AWS account has permission to
do anything and everything with all the AWS account resources. This is in
contrast to a user, which is an
entity contained within the account.

An API function. Also called operation or
call. The activity the principal has permission to perform. The action is B in
the statement "A has permission to do B to C where D applies." For example, Jane
sends a request to Amazon SQS with
Action=ReceiveMessage.

Amazon CloudWatch: The response initiated by
the change in an alarm's state: for example, from OK to ALARM. The state change
may be triggered by a metric reaching the alarm threshold, or by a SetAlarmState
request. Each alarm can have one or more actions assigned to each state. Actions
are performed once each time the alarm changes to a state that has an action
assigned, such as an Amazon Simple Notification Service
notification, an Auto Scaling policy execution, or an Amazon EC2 instance stop/terminate
action.

active trusted signers

A list showing each of the trusted signers you've specified and the IDs of the
corresponding active key pairs that Amazon CloudFront is aware of. To be able to create
working signed URLs, a trusted signer must appear in this list with at least
one key pair ID.

additional authenticated data

Information that is checked for integrity but not encrypted, such as headers
or other contextual metadata.

administrative suspension

Auto Scaling might suspend processes for an Auto Scaling group that repeatedly
fails to launch instances. Auto Scaling groups that most commonly
experience administrative suspension have zero running instances, have been
trying to launch instances for more than 24 hours, and have not succeeded in
that time.

alarm

An item that watches a single metric over a specified time period, and
triggers an Amazon SNS topic or an Auto Scaling policy if the value of the metric
crosses a threshold value over a predetermined number of time periods.

allow

One of two possible outcomes (the other is deny) when an IAM access policy is
evaluated. When a user makes a request to AWS, AWS evaluates the request based
on all permissions that apply to the user and then returns either allow or
deny.

Amazon API Gateway

A fully managed service that makes it easy for developers to create, publish,
maintain, monitor, and secure APIs at any scale.

A web service for monitoring and troubleshooting your systems and applications
from your existing system, application, and custom log files. You can send your
existing log files to CloudWatch Logs and monitor these logs in near real-time.

A web service that makes it easy to save mobile user data, such as app
preferences or game state, in the AWS cloud without writing any back-end code
or managing any infrastructure. Amazon Cognito offers mobile identity management
and data synchronization across devices.

An AWS service that captures a time-ordered sequence of item-level
modifications in any Amazon DynamoDB table, and stores this information in a
log for up to 24 hours. Applications can access this log and view the data items as they
appeared before and after they were modified, in near real time.

A file storage service for EC2 instances. Amazon EFS is easy to use and
provides a simple interface with which you can create and configure file
systems. Amazon EFS storage capacity grows and shrinks automatically as you add
and remove files.

A web service that makes it easy to process large amounts of data efficiently.
Amazon EMR uses Hadoop processing combined
with several AWS products to do such tasks as web indexing, data mining, log
file analysis, machine learning, scientific simulation, and data warehousing.

A cloud-based media transcoding service. Elastic Transcoder is a highly scalable tool
for converting (or transcoding) media files from their source
format into versions that will play on devices like smartphones, tablets, and
PCs.

A web service that simplifies deploying, operating, and scaling an in-memory
cache in the cloud. The service improves the performance of web applications
by providing information retrieval from fast, managed, in-memory caches, instead
of relying entirely on slower disk-based databases.

An AWS managed service for deploying, operating, and scaling Elasticsearch, an open-source
search and analytics engine, in the AWS Cloud. Amazon Elasticsearch Service (Amazon ES)
also offers
security options, high availability, data durability, and direct access to the
Elasticsearch APIs.

A secure, durable, and low-cost storage service for data archiving and
long-term backup. You can reliably store large or small amounts of data for
significantly less than on-premises solutions. Amazon Glacier is optimized for
infrequently accessed data, where a retrieval time of several hours is
suitable.

An automated security assessment service that helps improve the security and
compliance of applications deployed on AWS. Amazon Inspector automatically assesses
applications for vulnerabilities or deviations from best practices. After
performing an assessment, Amazon Inspector produces a detailed report with prioritized
steps for remediation.

A fully managed service for loading streaming data into AWS. Kinesis Firehose can
capture and automatically load streaming data into Amazon S3 and Amazon Redshift, enabling near real-time
analytics with existing business intelligence tools and dashboards. Kinesis Firehose
automatically scales to match the throughput of your data and requires no
ongoing administration. It can also batch, compress, and encrypt the data before
loading it.

A web service for building custom applications that process or analyze
streaming data for specialized needs. Amazon Kinesis Streams can continuously
capture and store terabytes of data per hour from hundreds of thousands of sources.

A web service that makes it easier to set up, operate, and scale a relational
database in the cloud. It provides cost-efficient, resizable capacity for an
industry-standard relational database and manages common database administration
tasks.

A next-generation web browser available only on Fire OS tablets and phones.
Built on a split architecture that divides processing between the client and
the AWS cloud, Amazon Silk is designed to create a faster, more responsive mobile
browsing experience.

A web service for provisioning a logically isolated section of the AWS cloud
where you can launch AWS resources
in a virtual network that you define. You control your virtual networking
environment, including selection of your own IP address range, creation of subnets, and configuration of route tables and network
gateways.

Amazon CloudSearch: Language-specific
text analysis options that are applied to a text field to control stemming and
configure stopwords and synonyms.

application

AWS Elastic Beanstalk: A logical collection of
components, including environments, versions, and environment configurations.
An application is conceptually similar to a folder.

AWS CodeDeploy: A name that
uniquely identifies the application to be deployed. AWS CodeDeploy uses this
name to ensure the correct combination of revision, deployment configuration,
and deployment group are referenced during a deployment.

AWS CodeDeploy: An archive file
containing source content—such as source code, web pages, executable files, and
deployment scripts—along with an application specification
file. Revisions are stored in
Amazon S3 buckets or GitHub repositories. For
Amazon S3, a revision is uniquely identified by its Amazon S3 object key and
its ETag, version, or both. For GitHub, a revision is uniquely identified by its
commit ID.

application specification file

AWS CodeDeploy: A
YAML-formatted file used to map the source files in an application revision to
destinations on the instance; specify custom permissions for deployed files;
and specify scripts to be run on each instance at various stages of the deployment
process.

application version

AWS Elastic Beanstalk: A specific, labeled
iteration of an application that represents a functionally consistent set of
deployable application code. A version points to an Amazon S3 object (a JAVA WAR
file) that contains the application code.

Area Under a Curve. An industry-standard metric to evaluate the quality of a
binary classification machine learning model. AUC measures the ability of the
model to predict a higher score for positive examples, those that are “correct,”
than for negative examples, those that are “incorrect.” The AUC metric returns
a decimal value from 0 to 1. AUC values near 1 indicate an ML model that is highly
accurate.

A type of bounce that occurs when a
receiver initially accepts an
email message for delivery and then subsequently fails to deliver it.

atomic counter

DynamoDB: A method of incrementing or decrementing the value of an existing
attribute without interfering with other write requests.

attribute

A fundamental data element, something that does not need to be broken down any
further. In DynamoDB, attributes are similar in many ways to fields or columns
in other database systems.

Amazon Machine Learning: A unique, named property within an observation in a data
set. In tabular data, such as spreadsheets or comma-separated values (.csv) files, the
column headings represent the attributes, and the rows contain values for each
attribute.

A representation of multiple EC2 instances that share similar characteristics, and that
are treated as a logical grouping for the purposes of instance scaling and
management.

Availability Zone

A distinct location within a region
that is insulated from failures in other Availability Zones, and provides
inexpensive, low-latency network connectivity to other Availability Zones in
the same region.

The AWS cloud computing model in which you pay for services on demand and
use as much or as little at any given time as you need. While resources are active under your
account, you pay for the cost of allocating those resources and for any
incidental usage associated with those resources, such as data transfer or
allocated storage.

A web service that records AWS API calls for your account and delivers log
files to you. The recorded information includes the identity of the API caller,
the time of the API call, the source IP address of the API caller, the request
parameters, and the response elements returned by the AWS service.

A fully managed service that provides an AWS resource inventory, configuration history, and
configuration change notifications for better security and governance. You can
create rules that automatically check the configuration of AWS resources that
AWS Config records.

A web service that simplifies establishing a dedicated network connection from
your premises to AWS. Using AWS Direct Connect, you can establish private connectivity
between AWS and your data center, office, or colocation environment.

A fully managed extract, transform, and load (ETL) service that you can use to
catalog data and load it for analytics. With AWS Glue, you can discover your
data, develop scripts to transform sources into targets, and schedule and run
ETL jobs in a serverless environment.

A web service that lets you run code without provisioning or managing servers.
You can run code for virtually any type of application or back-end service with
zero administration. You can set up your code to automatically trigger from
other AWS services or call it directly from any web or mobile app.

A web service for managing your AWS resources using VMware vCenter. You install the portal as
a vCenter plug-in within your existing vCenter environment. Once installed, you
can migrate VMware VMs to Amazon EC2
and manage AWS resources from within vCenter.

A web portal where qualified partners market and sell their software to
AWS customers. AWS Marketplace is an online software store that helps
customers find, buy, and immediately start using the software and services that
run on AWS.

A configuration management service that helps you use Chef to configure and
operate groups of instances and applications. You can define the application’s
architecture and the specification of each component including package
installation, software configuration, and resources such as storage. You can automate tasks based on
time, load, lifecycle events, and more.

A software development kit that provides C++ APIs for many AWS services including
Amazon S3, Amazon EC2, Amazon DynamoDB, and more. The single, downloadable package includes the AWS C++ library, code samples,
and documentation.

A software development kit that provides Java APIs for many AWS services
including Amazon S3, Amazon EC2, Amazon DynamoDB, and more. The single, downloadable package
includes the AWS Java library, code samples, and documentation.

A software development kit for accessing AWS services from Ruby. The SDK
provides Ruby classes for many AWS services including Amazon S3, Amazon EC2, Amazon DynamoDB, and more. The single, downloadable package
includes the AWS Ruby Library and documentation.

A web service that helps organizations create and manage catalogs of IT
services that are approved for use on AWS. These IT services can include
everything from virtual machine images, servers, software, and databases to
complete multitier application architectures.

A web service that connects an on-premises software appliance with cloud-based
storage to provide seamless and secure integration between an organization’s
on-premises IT environment and AWS’s storage infrastructure.

Enables secure communication between branch offices using a simple
hub-and-spoke model, with or without a VPC.

AWS WAF

A web application firewall service that controls access to content by allowing
or blocking web requests based on criteria that you specify, such as header
values or the IP addresses that the requests originate from. AWS WAF helps protect
web applications from common web exploits that could affect application
availability, compromise security, or consume excessive resources.

A web service that collects data about requests that your application serves,
and provides tools you can use to view, filter, and gain insights into that data to
identify issues and opportunities for optimization.

Border Gateway Protocol Autonomous System Number. A unique identifier for a
network, for use in BGP routing. Amazon EC2 supports all 2-byte ASN numbers in the
range of 1 – 65335, with the exception of 7224, which is reserved.

batch prediction

Amazon Machine Learning: An operation that processes multiple input data observations
at one time (asynchronously). Unlike real-time predictions, batch predictions are not
available until all predictions have been processed.

Amazon Machine Learning: A machine learning model that predicts the answer to questions
where the answer can be expressed as a binary variable. For example, questions with
answers of “1” or “0”, “yes” or “no”, “will click” or “will not click” are
questions that have binary answers. The result for a binary classification model
is always either a “1” (for “true” or affirmative answers) or a “0” (for
“false” or negative answers).

blacklist

A list of IP addresses, email addresses, or domains that an internet service provider
suspects to be the source of spam. The
ISP blocks incoming email from these addresses or domains.

block

A data set. Amazon EMR breaks large amounts of
data into subsets. Each subset is called a data block. Amazon EMR assigns an
ID to each block and uses a hash table to keep track of block processing.

block device

A storage device that supports reading and (optionally) writing data in
fixed-size blocks, sectors, or clusters.

block device mapping

A mapping structure for every AMI and instance that specifies the block devices attached to the
instance.

blue/green deployment

AWS CodeDeploy: A deployment method in which the instances in a deployment group (the
original environment) are replaced by a different set of instances (the
replacement environment).

bootstrap action

A user-specified default or custom action that runs a script or an application
on all nodes of a job flow before Hadoop starts.

Auto Scaling: The condition in
which a user-set threshold (upper or lower boundary) is passed. If the duration
of the breach is significant, as set by a breach duration parameter, it can
possibly start a scaling activity.

bucket

Amazon Simple Storage Service (Amazon S3): A container for stored
objects. Every object is contained in a bucket. For example, if the object named
photos/puppy.jpg is stored in the johnsmith
bucket, then authorized users can access the object with the URL
http://johnsmith.s3.amazonaws.com/photos/puppy.jpg.

bucket owner

The person or organization that owns a bucket in Amazon S3. Just as Amazon is
the only owner of the domain name Amazon.com, only one person or organization
can own a bucket.

C

A logical cache distributed over multiple cache nodes. A cache cluster can be set up with a specific
number of cache nodes.

cache cluster identifier

Customer-supplied identifier for the cache cluster that must be unique for
that customer in an AWS region.

cache engine version

The version of the Memcached service that is running on the cache node.

cache node

A fixed-size chunk of secure, network-attached RAM. Each cache node runs an
instance of the Memcached service, and has its own DNS name and port. Multiple
types of cache nodes are supported, each with varying amounts of associated
memory.

A container for cache engine parameter values that can be applied to one or
more cache clusters.

cache security group

A group maintained by ElastiCache that combines ingress authorizations to cache
nodes for hosts belonging to Amazon EC2 security groups specified through
the console or the API or command line tools.

canned access policy

A standard access control policy that you can apply to a bucket or object. Options include:
private, public-read, public-read-write, and authenticated-read.

canonicalization

The process of converting data into a standard format that a service such as
Amazon S3 can recognize.

capacity

The amount of available compute size at a given time. Each Auto Scaling group is defined
with a minimum and maximum compute size. A scaling activity increases or decreases the capacity within
the defined minimum and maximum values.

cartesian product processor

A processor that calculates a cartesian product. Also known as a
cartesian data processor.

cartesian product

A mathematical operation that returns a product from multiple sets.

certificate

A credential that some AWS products use to authenticate AWS accounts and users. Also known as an
X.509 certificate. The certificate is paired with
a private key.

chargeable resources

Features or services whose use incurs fees. Although some AWS products are
free, others include charges. For example, in an AWS CloudFormation stack, AWS resources that have been created incur charges. The amount
charged depends on the usage load. Use the Amazon Web Services Simple Monthly
Calculator at http://calculator.s3.amazonaws.com/calc5.html to estimate your cost
prior to creating instances, stacks, or other resources.

In machine learning, a type of problem that seeks to place (classify) a data
sample into a single category or “class.” Often, classification problems are
modeled to choose one category (class) out of two. These are binary
classification problems. Problems where more than two categories (classes) are
available are called "multiclass classification" problems.

Amazon Elasticsearch Service (Amazon ES): A logical grouping of one or
more data nodes, optional dedicated master nodes, and storage required to run
Amazon Elasticsearch Service (Amazon ES) and operate your Amazon ES domain.

A type of instance that provides a
great amount of CPU power coupled with increased networking performance, making
it well suited for High Performance Compute (HPC) applications and other
demanding network-bound applications.

Amazon Elasticsearch Service (Amazon ES): An indicator of the health of
a cluster. A status can be green, yellow, or red. At the shard level, green
means that all shards are allocated to nodes in a cluster, yellow means that
the primary shard is allocated but the replica shards are not, and red means that
the primary and replica shards of at least one index are not allocated. The
shard status determines the index status, and the index status determines the
cluster status.

Canonical Name Record. A type of resource record in the Domain Name System (DNS) that
specifies that the domain name is an alias of another, canonical domain name.
More simply, it is an entry in a DNS table that lets you alias one fully
qualified domain name to another.

IAM: Any restriction or
detail about a permission. The condition is D in the
statement "A has permission to do B to C where D applies."

AWS WAF: A set of attributes that
AWS WAF searches for in web requests to AWS resources such as Amazon CloudFront distributions. Conditions can
include values such as the IP addresses that web requests originate from or
values in request headers. Based on the specified conditions, you can configure
AWS WAF to allow or block web requests to AWS resources.

A feature of the AWS Organizations service for consolidating payment for multiple
AWS accounts. You
create an organization that contains your AWS accounts, and you use the master
account of your organization to pay for all member accounts. You can see a
combined view of AWS costs that are incurred by all accounts in your
organization, and you can get detailed cost reports for individual accounts.

container

A Linux container that was created from a Docker image as part of a task.

container definition

Specifies which Docker image to
use for a container, how much CPU
and memory the container is allocated, and more options. The container
definition is included as part of a task definition.

An EC2 instance that runs Hadoop map and reduce tasks and stores
data using the Hadoop Distributed File System (HDFS). Core nodes are managed
by the master node, which assigns
Hadoop tasks to nodes and monitors their status. The EC2 instances you assign
as core nodes are capacity that must be allotted for the entire job flow run.
Because core nodes store data, you can't remove them from a job flow. However,
you can add more core nodes to a running job flow.

AWS CodeCommit: A program that
stores credentials for repositories and supplies them to Git when making
connections to those repositories. The AWS CLI includes a credential helper that you
can use with Git when connecting to AWS CodeCommit repositories.

credentials

Also called access credentials or security
credentials. In authentication and authorization, a system uses
credentials to identify who is making a call and whether to allow the requested
access. In AWS, these credentials are typically the access key ID and the secret access key.

cross-account access

The process of permitting limited, controlled use of resources in one AWS account by a user in another AWS account. For example, in
AWS CodeCommit and AWS CodeDeploy you can configure
cross-account access so that a user in AWS account A can access an AWS CodeCommit
repository created by account B. Or a pipeline in AWS CodePipeline created by
account A can use AWS CodeDeploy resources created by account B. In IAM you use a role to delegate temporary access to a user in one account to resources in
another.

cross-region replication

A client-side solution for maintaining identical copies of Amazon DynamoDB tables across different AWS
regions, in near real time.

customer gateway

A router or software application on your side of a VPN tunnel that is managed
by Amazon VPC. The internal
interfaces of the customer gateway are attached to one or more devices in your
home network. The external interface is attached to the virtual private gateway across the VPN tunnel.

The fundamental resource that AWS Key Management Service (AWS KMS) manages. CMKs can be either
customer managed keys or AWS managed keys. Use CMKs inside AWS KMS to encrypt or decrypt up to 4 kilobytes of
data directly or to encrypt generated data keys, which are then used to encrypt
or decrypt larger amounts of data outside of the service.

D

A concept that describes when data is written or updated successfully and all
copies of the data are updated in all AWS regions. However, it takes time for the data to propagate
to all storage locations. To support varied application requirements, Amazon DynamoDB supports both eventually
consistent and strongly consistent reads.

The database, file, or repository that provides information required by an
application or database. For example, in AWS OpsWorks, valid data sources include an instance for a stack’s MySQL layer or a
stack’s Amazon RDS service layer.
In Amazon Redshift, valid data sources
include text files in an Amazon S3 bucket, in an Amazon EMR cluster, or on a remote host that a cluster can access through
an SSH connection.

The name of a database hosted in a DB instance. A DB instance can host multiple databases, but
databases hosted by the same DB instance must each have a unique name within
that instance.

datasource

Amazon Machine Learning: An object
that contains metadata about the input data. Amazon ML reads the input data,
computes descriptive statistics on its attributes, and stores the statistics—along
with a schema and other information—as part of the datasource object. Amazon ML
uses datasources to train and evaluate a machine learning model and generate
batch predictions.

An isolated database environment running in the cloud. A DB instance can
contain multiple user-created databases.

DB instance identifier

User-supplied identifier for the DB instance. The identifier must be unique
for that user in an AWS region.

DB parameter group

A container for database engine parameter values that apply to one or more
DB instances.

DB security group

A method that controls access to the DB instance. By default, network access is turned off to DB
instances. After ingress is configured for a security group, the same rules apply to all DB instances
associated with that group.

Between two AWS accounts: Setting up a trust between the account that owns
the resource (the trusting account), and the account that contains the users
that need to access the resource (the trusted account).

The result of a policy statement that
includes deny as the effect, so that a specific action or actions are expressly
forbidden for a user, group, or role. Explicit deny takes precedence over
explicit allow.

deployment configuration

AWS CodeDeploy: A set of
deployment rules and success and failure conditions used by the service during
a deployment.

A property added to parameters, resources, resource properties, mappings, and outputs to
help you to document AWS CloudFormation template elements.

dimension

A name–value pair (for example, InstanceType=m1.small, or
EngineName=mysql), that contains additional information to identify a
metric.

discussion forums

A place where AWS users can post technical questions and feedback to help
accelerate their development efforts and to engage with the AWS community. The
discussion forums are located at https://aws.amazon.com/forums/.

distribution

A link between an origin server (such as an Amazon S3 bucket) and a domain name, which CloudFront automatically
assigns. Through this link, CloudFront identifies the object you have stored
in your origin server.

DKIM

DomainKeys Identified Mail. A standard that email senders use to sign their
messages. ISPs use those signatures to verify that messages are legitimate. For
more information, see http://www.dkim.org.

A layered file system template that is the basis of a Docker container. Docker images can comprise
specific operating systems or applications.

document

Amazon CloudSearch: An item that can be
returned as a search result. Each document has a collection of fields that
contain the data that can be searched or returned. The value of a field can be
either a string or a number. Each document must have a unique ID and at least
one field.

document batch

Amazon CloudSearch: A collection of add
and delete document operations. You use the document service API to submit
batches to update the data in your search domain.

document service API

Amazon CloudSearch: The API call that
you use to submit document batches to update the data in a search domain.

document service endpoint

Amazon CloudSearch: The URL that you
connect to when sending document updates to an Amazon CloudSearch domain. Each
search domain has a unique document service endpoint that remains the same for
the life of the domain.

domain

Amazon Elasticsearch Service (Amazon ES): The hardware, software, and
data exposed by Amazon Elasticsearch Service (Amazon ES) endpoints. An Amazon ES
domain is a service wrapper around an Elasticsearch cluster. An Amazon ES domain
encapsulates the engine instances
that process Amazon ES requests, the indexed data that you want to search, snapshots
of the domain, access policies, and metadata.

A service that routes internet traffic to websites by translating friendly
domain names like www.example.com into the numeric IP addresses like 192.0.2.1
that computers use to connect to each other.

Donation button

An HTML-coded button to provide an easy and secure way for US-based,
IRS-certified 501(c)3 nonprofit organizations to solicit donations.

DynamoDB stream

An ordered flow of information about changes to items in an Amazon DynamoDB table. When you enable a
stream on a table, DynamoDB captures information about every modification to
data items in the table.

A fixed (static) IP address that you have allocated in Amazon EC2 or Amazon VPC and then attached to
an instance. Elastic IP addresses are
associated with your account, not a specific instance. They are
elastic because you can easily allocate, attach,
detach, and free them as your needs change. Unlike traditional static IP
addresses, Elastic IP addresses allow you to mask instance or Availability Zone failures by rapidly remapping your public IP addresses
to another instance.

Elastic Load Balancing

A web service that improves an application's availability by distributing
incoming traffic between two or more EC2 instances.

An additional network interface that can be attached to an instance. Elastic network interfaces include a primary
private IP address, one or more secondary private IP addresses, an elastic IP
address (optional), a MAC address, membership in specified security groups, a description, and
a source/destination check flag. You can create an elastic network interface,
attach it to an instance, detach it from an instance, and attach it to another instance.

Elasticsearch

An open source, real-time distributed search and analytics engine used for
full-text search, structured search, and analytics. Elasticsearch was developed
by
the Elastic company.

Amazon Elasticsearch Service (Amazon ES) is an AWS managed service for deploying,
operating, and scaling
Elasticsearch in the AWS Cloud.

To use a mathematical algorithm to make data unintelligible to unauthorized
users while allowing authorized
users a method (such as a key or password) to convert the altered data back to
its original state.

The use of a master key and a data key to algorithmically protect data. The
master key is used to encrypt and decrypt the data key and the data key is used
to encrypt and decrypt the data itself.

environment

AWS Elastic Beanstalk: A specific running
instance of an application. The
application has a CNAME and includes an application version and a customizable
configuration (which is inherited from the default container type).

AWS CodeDeploy: Instances in a deployment
group in a blue/green deployment. At the start of a blue/green deployment, the
deployment group is made up of instances in the original environment. At the
end
of the deployment, the deployment group is made up of instances in the
replacement environment.

environment configuration

A collection of parameters and settings that define how an environment and its
associated resources behave.

The date from which time is measured. For most Unix environments, the epoch is
January 1, 1970.

evaluation

Amazon Machine Learning: The process of measuring the predictive performance of a
machine
learning (ML) model.

Also a machine learning object that stores the details and result of an ML
model evaluation.

evaluation datasource

The data that Amazon Machine Learning uses to evaluate the predictive accuracy of
a machine
learning model.

eventual consistency

The method through which AWS products achieve high availability, which
involves replicating data across multiple servers in Amazon's data centers. When
data is written or updated and Success is returned, all copies of
the data are updated. However, it takes time for the data to propagate to all
storage locations. The data will eventually be consistent, but an immediate read
might not show the change. Consistency is usually reached within seconds.

A read process that returns data from only one region and might not show the
most recent write information. However, if you repeat your read request after
a
short time, the response should eventually return the latest data.

The deletion by CloudFront
of an object from an edge location before
its expiration time. If an object in an edge location isn't frequently
requested, CloudFront might evict the object (remove the object before its expiration
date) to make room for objects that are more popular.

exbibyte

(EiB)

A contraction of exa binary byte, an exbibyte is 2^60 or
1,152,921,504,606,846,976 bytes. An exabyte (EB) is 10^18 or
1,000,000,000,000,000,000 bytes. 1,024 EiB is a zebibyte.

expiration

For CloudFront caching, the
time when CloudFront stops responding to user requests with an object. If you
don't
use headers or CloudFront distribution settings to specify how long you want objects
to stay in an edge location, the objects
expire after 24 hours. The next time a user requests an object that has expired,
CloudFront forwards the request to the origin.

A strategy that incrementally increases the wait between retry attempts in
order to reduce the load on the system and increase the likelihood that repeated
requests will succeed. For example, client applications might wait up to 400
milliseconds before attempting the first retry, up to 1600 milliseconds before
the second, up to 6400 milliseconds (6.4 seconds) before the third, and so
on.

expression

Amazon CloudSearch: A numeric
expression that you can use to control how search hits are sorted. You can
construct Amazon CloudSearch expressions using numeric fields, other rank expressions,
a
document's default relevance score, and standard numeric operators and
functions. When you use the sort option to specify an expression in
a search request, the expression is evaluated for each search hit and the hits
are listed according to their expression values.

Amazon Machine Learning: The machine learning process of constructing more predictive
input
representations or “features” from the raw input variables to optimize a machine
learning model’s ability to learn and generalize. Also known as data
transformation or feature
engineering.

federated identity management

(FIM)

Allows individuals to sign in to different networks or services, using the
same group or personal credentials to access data across all networks. With
identity federation in AWS, external identities (federated users) are granted
secure access to resources in an AWS
account without having to create
IAM users. These external
identities can come from a corporate identity store (such as LDAP or Windows
Active Directory) or from a third party (such as Login with Amazon, Facebook,
or
Google). AWS federation also supports SAML 2.0.

G

A search query that uses locations specified as a latitude and longitude to
determine matches and sort the results.

gibibyte

(GiB)

A contraction of giga binary byte, a gibibyte is 2^30 or 1,073,741,824 bytes.
A gigabyte (GB) is 10^9 or 1,000,000,000 bytes. 1,024 GiB is a tebibyte.

GitHub

A web-based repository that uses Git for version control.

global secondary index

An index with a partition key and a sort key that can be different from those
on the table. A global secondary index is considered global because queries on
the index can span all of the data in a table, across all partitions.

A type of identifier that allows the permissions in a grant to take effect
immediately.

ground truth

The observations used in the machine learning (ML) model training process that
include the correct value for the target attribute. To train an ML model to
predict house sales prices, the input observations would typically include
prices of previous house sales in the area. The sale prices of these houses
constitute the ground truth.

group

A collection of IAM users. You can use IAM groups to
simplify specifying and managing permissions for multiple users.

H

Software that enables distributed processing for big data by using clusters
and simple programming models. For more information, see http://hadoop.apache.org.

hard bounce

A persistent email delivery failure such as "mailbox does not exist."

hardware VPN

A hardware-based IPsec VPN connection over the internet.

health check

A system call to check on the health status of each instance in an Auto Scaling group.

high-quality email

Email that recipients find valuable and want to receive. Value means different
things to different recipients and can come in the form of offers, order
confirmations, receipts, newsletters, etc.

highlights

Amazon CloudSearch: Excerpts returned
with search results that show where the search terms appear within the text of
the matching documents.

highlight enabled

Amazon CloudSearch: An index field
option that enables matches within the field to be highlighted.

hit

A document that matches the criteria specified in a search request. Also
referred to as a search result.

HMAC

Hash-based Message Authentication Code. A specific construction for
calculating a message authentication code (MAC) involving a cryptographic hash
function in combination with a secret key. You can use it to verify both the
data integrity and the authenticity of a message at the same time. AWS
calculates the HMAC using a standard, cryptographic hash algorithm, such as
SHA-256.

hosted zone

A collection of resource record sets that Amazon Route 53 hosts. Like a
traditional DNS zone file, a hosted zone represents a collection of records that
are managed together under a single domain name.

HVM virtualization

Hardware Virtual Machine virtualization. Allows the guest VM to run as though
it is on a native hardware platform, except that it still uses paravirtual (PV)
network and storage drivers for improved performance.

AWS CodeDeploy: A deployment method in which the application on each instance in the
deployment
group is stopped, the latest application revision is installed, and the new
version of the application is started and validated. You can choose to use a
load balancer so each instance is deregistered during its deployment and then
restored to service after the deployment is complete.

A general instance type grouping
using either storage or CPU capacity.

instance group

A Hadoop cluster contains one master
instance group that contains one master node, a core instance group containing one or more
core nodes, and an optional task node instance group, which can
contain any number of task nodes.

Disk storage that is physically attached to the host computer for an EC2 instance, and therefore has the
same lifespan as the instance. When the instance is terminated, you lose any
data in the instance store.

A specification that defines the memory, CPU, storage capacity, and usage cost for
an
instance. Some instance types are
designed for standard applications, whereas others are designed for
CPU-intensive, memory-intensive applications, and so on.

internet gateway

Connects a network to the internet. You can route traffic for IP addresses
outside your VPC to the internet gateway.

internet service provider

(ISP)

A company that provides subscribers with access to the internet. Many ISPs are
also mailbox providers. Mailbox
providers are sometimes referred to as ISPs, even if they only provide mailbox
services.

intrinsic function

A special action in an AWS CloudFormation template that assigns values to properties
not available until runtime. These functions follow the format
Fn::Attribute, such as
Fn::GetAtt. Arguments for intrinsic functions can be
parameters, pseudo parameters, or the output of other intrinsic
functions.

IP address

A numerical address (for example, 192.0.2.44) that networked devices use to
communicate with one another using the Internet Protocol (IP). All EC2 instances are assigned two IP
addresses at launch, which are directly mapped to each other through network
address translation (NAT): a private IP
address (following RFC 1918) and a public IP address. Instances launched in a
VPC are assigned only a
private IP address. Instances launched in your default VPC are assigned both
a
private IP address and a public IP address.

IP match condition

AWS WAF: An attribute that specifies
the IP addresses or IP address ranges that web requests originate from. Based
on
the specified IP addresses, you can configure AWS WAF to allow or block web
requests to AWS resources such as
Amazon CloudFront
distributions.

The person who writes a policy to
grant permissions to a resource. The
issuer (by definition) is always the resource owner. AWS does not permit Amazon SQS users to create policies for resources they don't own. If John
is the resource owner, AWS authenticates John's identity when he submits the
policy he's written to grant permissions for that resource.

item

A group of attributes that is uniquely identifiable among all of the other
items. Items in Amazon DynamoDB are similar
in many ways to rows, records, or tuples in other database systems.

The location where email messages that various filters determine to be of
lesser value are collected so that they do not arrive in the recipient's inbox but are still
accessible to the recipient. This is also referred to as a spam or bulk folder.

Amazon Simple Storage Service
(Amazon S3), Amazon EMR
(Amazon EMR):
The unique identifier for an object in a bucket. Every object in a bucket has exactly one key.
Because a bucket and key together uniquely identify each object, you can think
of Amazon S3 as a basic data map between the bucket + key, and
the object itself. You can uniquely address every object in Amazon S3 through
the
combination of the web service endpoint, bucket name, and key, as in this
example: http://doc.s3.amazonaws.com/2006-03-01/AmazonS3.wsdl, where
doc is the name of the bucket, and
2006-03-01/AmazonS3.wsdl is the key.

AWS Import/Export: The name of
an object in Amazon S3. It is a sequence of Unicode characters whose UTF-8 encoding
cannot exceed 1024 bytes. If a key, for example, logPrefix + import-log-JOBID,
is longer than 1024 bytes, AWS Elastic Beanstalk
returns an InvalidManifestField error.

IAM: In a policy, a specific characteristic that is
the basis for restricting access (such as the current time, or the IP address
of
the requester).

Tagging resources: A general tag label
that acts like a category for more specific tag values. For example, you might
have an EC2 instance with the tag key
of Owner and the tag value of Jan. You
can tag an AWS resource with up to
10 key–value pairs. Not all AWS resources can be tagged.

key pair

A set of security credentials that you use to prove your identity
electronically. A key pair consists of a private key and a public key.

key prefix

A logical grouping of the objects in a bucket. The prefix value is similar to a directory name
that enables you to store similar data under the same directory in a
bucket.

kibibyte

(KiB)

A contraction of kilo binary byte, a kibibyte is 2^10 or 1,024 bytes. A
kilobyte (KB) is 10^3 or 1,000 bytes. 1,024 KiB is a mebibyte.

The lifecycle state of the EC2 instance contained in an Auto Scaling group. EC2 instances
progress through several states over their lifespan; these include
Pending, InService,
Terminating and Terminated.

lifecycle action

An action that can be paused by Auto Scaling, such as launching or terminating an
EC2
instance.

lifecycle hook

Enables you to pause Auto Scaling after it launches or terminates an EC2 instance
so
that you can perform a custom action while the instance is not in
service.

link to VPC

The process of linking (or attaching) an EC2-Classic instance to a ClassicLink-enabled VPC.

A DNS name combined with a set of ports, which together provide a destination
for all requests intended for your application. A load balancer can distribute
traffic to multiple application instances across every Availability Zone within a region. Load balancers can span multiple Availability Zones within an Amazon EC2 region, but they cannot span
multiple regions.

local secondary index

An index that has the same partition key as the table, but a different sort
key. A local secondary index is local in the sense that every partition of a
local secondary index is scoped to a table partition that has the same partition
key value.

A case-sensitive unique string within an AWS CloudFormation template that identifies a resource, mapping, parameter, or output. In an AWS CloudFormation template, each
parameter, resource, property,
mapping, and output must be declared with a unique logical name. You use the
logical name when dereferencing these items using the Ref
function.

M

Software that transports email messages from one computer to another by using
a client-server architecture.

mailbox provider

An organization that provides email mailbox hosting services. Mailbox
providers are sometimes referred to as internet service providers, even if they only provide
mailbox services.

mailbox simulator

A set of email addresses that you can use to test an Amazon SES-based email sending application without
sending messages to actual recipients. Each email address represents a specific
scenario (such as a bounce or complaint) and generates a typical response that
is specific to the scenario.

main route table

The default route table that any
new VPC subnet uses for routing. You can
associate a subnet with a different route table of your choice. You can also
change which route table is the main route table.

managed policy

A standalone IAM policy that you can attach to multiple
users, groups, and roles
in your IAM account. Managed
policies can either be AWS managed policies (which are created and managed by
AWS) or customer managed policies (which you create and manage in your AWS
account).

manifest

When sending a create job request for an import or export
operation, you describe your job in a text file called a manifest. The manifest
file is a YAML-formatted file that specifies how to transfer data between your
storage device and the AWS cloud.

manifest file

Amazon Machine Learning: The file used for describing batch predictions. The manifest
file
relates each input data file with its associated batch prediction results. It
is
stored in the Amazon S3 output location.

mapping

A way to add conditional parameter values to an AWS CloudFormation template. You specify mappings in the
template's optional Mappings section and retrieve the desired value using the
Fn::FindInMap function.

An element of time-series data defined by a unique combination of exactly one
namespace, exactly one metric
name, and between zero and ten dimensions. Metrics and the statistics derived
from them are the basis of Amazon CloudWatch.

metric name

The primary identifier of a metric, used in combination with a namespace and optional
dimensions.

In machine learning (ML), a mathematical model that generates predictions by
finding patterns in data. Amazon Machine Learning supports three types of ML
models: binary
classification, multiclass classification, and regression. Also known as a
predictive model.

A primary DB instance that has a
synchronous standby replica in a different Availability Zone. The primary DB instance is synchronously replicated across Availability
Zones to the standby replica.

multiclass classification
model

A machine learning model that predicts values that belong to a limited,
pre-defined set of permissible values. For example, "Is this product a book,
movie, or clothing?"

multi-factor authentication
(MFA)

An optional AWS account security
feature. Once you enable AWS MFA, you must provide a six-digit, single-use code
in addition to your sign-in credentials whenever you access secure AWS webpages
or the AWS Management Console. You get this single-use code from an authentication device that you keep in
your physical possession.

N

An abstract container that provides context for the items (names, or technical
terms, or words) it holds, and allows disambiguation of homonym items residing
in different namespaces.

NAT

Network address translation. A strategy of mapping one or more IP addresses to
another while data packets are in transit across a traffic routing device. This
is commonly used to restrict internet communication to private instances while
allowing outgoing traffic.

An optional layer of security that acts as a firewall for controlling traffic
in and out of a subnet. You can
associate multiple subnets with a single network ACL, but a subnet can be associated with only one
network ACL at a time.

Amazon Machine Learning: A transformation that aids in text string analysis. An n-gram
transformation takes a text variable as input and outputs strings by sliding
a
window of size n words, where n is
specified by the user, over the text, and outputting every string of words of
size n and all smaller sizes. For example, specifying the
n-gram transformation with window size = 2 returns all the two-word combinations
and all of the single words.

A property of AWS CloudFormation
parameters that prevents the otherwise default reporting of names and values of
a template parameter. Declaring the NoEcho property causes
the parameter value to be masked with asterisks in the report by the
cfn-describe-stacks command.

NoSQL

Nonrelational database systems that are highly available, scalable, and
optimized for high performance. Instead of the relational model, NoSQL databases
(like Amazon DynamoDB) use alternate models
for data management, such as key–value pairs or document storage.

null object

A null object is one whose version ID is null. Amazon S3 adds a null object to
a bucket when versioning for that bucket is
suspended. It is possible to have only one null object for each key in a
bucket.

number of passes

The number of times that you allow Amazon Machine Learning to use the same data records
to
train a machine learning model.

Amazon CloudFront: Any entity that can be
served either over HTTP or a version of RTMP.

observation

Amazon Machine Learning: A single instance of data that Amazon Machine Learning (Amazon
ML) uses to either train
a machine learning model how to predict or to generate a prediction. Each row
in
an Amazon ML input data file is an observation.

On-Demand Instance

An Amazon EC2 pricing option that
charges you for compute capacity by the hour with no long-term
commitment.

operation

An API function. Also called an action.

optimistic locking

A strategy to ensure that an item that you want to update has not been
modified by others before you perform the update. For Amazon DynamoDB, optimistic locking support is provided by the
AWS SDKs.

organization

AWS Organizations: An entity that you create to consolidate and manage your
AWS accounts. An organization has one master account along with zero or more
member accounts.

organizational unit

AWS Organizations: A container for accounts within a root of an organization. An organizational unit
(OU) can contain other OUs.

origin access identity

Also called OAI. When using Amazon CloudFront to serve content with an Amazon S3 bucket as the origin, a virtual
identity that you use to require users to access your content through CloudFront
URLs instead of Amazon S3 URLs. Usually used with CloudFront private content.

origin server

The Amazon S3 bucket or custom origin containing the
definitive original version of the content you deliver through CloudFront.

original environment

The instances in a deployment group at the start of an AWS CodeDeploy blue/green
deployment.

OSB transformation

Orthogonal sparse bigram transformation. In machine learning, a transformation
that aids in text string analysis and that is an alternative to the n-gram
transformation. OSB transformations are generated by sliding the window of size
n words over the text, and outputting every pair of
words that includes the first word in the window.

P

The process of responding to an API request by returning a large list of
records in small separate parts. Pagination can occur in the following
situations:

The client sets the maximum number of returned records to a value
below the total number of records.

The service has a default maximum number of returned records that is
lower than the total number of records.

When an API response is paginated, the service sends a subset of the large
list of records and a pagination token that indicates that more records are
available. The client includes this pagination token in a subsequent API
request, and the service responds with the next subset of records. This
continues until the service responds with a subset of records and no pagination
token, indicating that all records have been sent.

pagination token

A marker that indicates that an API response contains a subset of a larger
list of records. The client can return this marker in a subsequent API request
to retrieve the next subset of records until the service responds with a subset
of records and no pagination token, indicating that all records have been sent.

A statement within a policy that
allows or denies access to a particular resource. You can state any permission like this: "A has
permission to do B to C." For example, Jane (A) has permission to read messages
(B) from John's Amazon SQS queue (C). Whenever
Jane sends a request to Amazon SQS to use John's queue, the service checks to
see if
she has permission and if the request satisfies the conditions John set forth
in
the permission.

IAM: A document defining
permissions that apply to a user, group, or role; the permissions in turn
determine what users can do in AWS. A policy typically allows access to specific actions, and can optionally
grant that the actions are allowed for specific resources, like EC2 instances, Amazon S3 buckets, and so on. Policies can also
explicitly deny access.

Auto Scaling: An object that
stores the information needed to launch or terminate instances for an Auto Scaling
group. Executing the policy causes instances to be launched or terminated. You
can configure an alarm to invoke an Auto Scaling
policy.

The user, service, or account that receives permissions that
are defined in a policy. The principal
is A in the statement "A has permission to do B to C."

private content

When using Amazon CloudFront
to serve content with an Amazon S3 bucket as the origin, a method of
controlling access to your content by requiring users to use signed URLs. Signed
URLs can restrict user access based on the current date and time and/or the IP
addresses that the requests originate from.

private IP address

A private numerical address (for example, 192.0.2.44) that networked devices
use to communicate with one another using the Internet Protocol (IP). All EC2 instances are assigned two IP
addresses at launch, which are directly mapped to each other through Network
Address Translation (NAT): a private
address (following RFC 1918) and a public address.
Exception: Instances launched in Amazon VPC are assigned only a
private IP address.

A JSON-compliant markup standard for
declaring properties, mappings, and output values in an AWS CloudFormation template.

Provisioned IOPS

A storage option designed to deliver fast, predictable, and consistent I/O
performance. When you specify an IOPS rate while creating a DB instance, Amazon RDS provisions that
IOPS rate for the lifetime of the DB instance.

pseudo parameter

A predefined setting, such as AWS::StackName, that can be used in
AWS CloudFormation templates
without having to declare it. You can use pseudo parameters anywhere you can
use a regular parameter.

A large collection of public information that can be seamlessly integrated
into AWS cloud-based applications. Amazon stores public data sets at no charge
to the community and, like all AWS services, users pay only for the compute and
storage they use for their own applications. These data sets currently include
data from the Human Genome Project, the U.S. Census, Wikipedia, and other
sources.

A public numerical address (for example, 192.0.2.44) that networked devices use
to communicate with one another using the Internet Protocol (IP). EC2 instances are assigned two IP
addresses at launch, which are directly mapped to each other through Network
Address Translation (NAT): a private
address (following RFC 1918) and a public address.
Exception: Instances launched in Amazon VPC are assigned only a
private IP address.

Paravirtual virtualization. Allows guest VMs to run on host systems that do
not have special support extensions for full hardware and CPU virtualization.
Because PV guests run a modified operating system that does not use hardware
emulation, they cannot provide hardware-related features such as enhanced
networking or GPU support.

Q

Amazon Machine Learning: A process that takes two inputs, a numerical variable and
a
parameter called a bin number, and outputs a categorical variable. Quartile
binning transformations discover non-linearity in a variable's distribution by
enabling the machine learning model to learn separate importance values for
parts of the numeric variable’s distribution.

Query

A type of web service that generally uses only the GET or
POST HTTP method and a query string with parameters in the URL.

R

A request that specifies a byte range of data to get for a download. If an
object is large, you can break up a download into smaller units by sending
multiple range GET requests that each specify a different byte range to GET.

raw email

A type of sendmail request with which you can specify the
email headers and MIME types.

A type of machine learning model that predicts a numeric value, such as the
exact purchase price of a house.

regularization

A machine learning (ML) parameter that you can tune to obtain higher-quality
ML models. Regularization helps prevent ML models from memorizing training data
examples instead of learning how to generalize the patterns it sees (called
overfitting). When training data is overfitted, the ML model performs well on
the training data but does not perform well on the evaluation data or on new
data.

replacement environment

The instances in a deployment group after the AWS CodeDeploy blue/green
deployment.

1. An Amazon SES metric, based on
factors that might include bounces,
complaints, and other metrics,
regarding whether or not a customer is sending high-quality email.

2. A measure of confidence, as judged by an internet service provider
or other entity, that an IP address that they are receiving email from is not
the source of spam.

requester

The person (or application) that sends a request to AWS to perform a specific
action. When AWS receives a request, it first evaluates the requester's
permissions to determine whether the requester is allowed to perform the request
action (if applicable, for the requested resource).

Requester Pays

An Amazon S3 feature that allows a
bucket owner to specify that
anyone who requests access to objects in a particular bucket must pay the data transfer and request
costs.

A pricing option for EC2 instances that discounts the on-demand usage charge for instances
that meet the specified parameters. Customers pay for the entire term of the
instance, regardless of how they use it.

Reserved Instance
Marketplace

An online exchange that matches sellers who have reserved capacity that they
no longer need with buyers who are looking to purchase additional capacity.
Reserved Instances that
you purchase from third-party sellers have less than a full standard term
remaining and can be sold at different upfront prices. The usage or reoccurring
fees remain the same as the fees set when the Reserved Instances were originally
purchased. Full standard terms for Reserved Instances available from AWS run
for
one year or three years.

A value required when including an AWS resource in an AWS CloudFormation stack. Each resource may have one or
more properties associated with it. For example, an
AWS::EC2::Instance resource may have a UserData
property. In an AWS CloudFormation template, resources must declare a properties
section,
even if the resource has no properties.

resource record

Also called resource record set. The fundamental
information elements in the Domain Name System (DNS).

Representational state transfer. A simple stateless architecture that generally runs
over HTTPS/TLS.
REST emphasizes that resources have unique and hierarchical identifiers (URIs),
are represented by
common media types (HTML, XML, JSON, and so on), and that operations on the resources are either
predefined or discoverable within the media type. In practice, this generally
results in a limited
number of operations.

Also known as RESTful API. A web service that follows REST
architectural constraints. The API operations must use HTTP methods explicitly;
expose hierarchical
URIs; and transfer either XML, JSON, or both.

A return to a previous state that follows the failure to create an object,
such as an AWS CloudFormation stack. All resources associated with the failure are deleted during
the rollback. For AWS CloudFormation, you can override this behavior using the
--disable-rollback option on the command line.

A volume that contains the image used
to boot the instance. If you launched
the instance from an AMI backed by instance store, this is an instance
store volume created from a template
stored in Amazon S3. If you launched the
instance from an AMI backed by Amazon EBS, this is an Amazon EBS volume created from an Amazon EBS
snapshot.

route table

A set of routing rules that controls the traffic leaving any subnet that is associated with the route
table. You can associate multiple subnets with a single route table, but a
subnet can be associated with only one route table at a time.

row identifier

row ID. Amazon Machine Learning: An attribute in the input data that you can include
in the evaluation or prediction output to make it easier to associate a prediction with
an observation.

rule

AWS WAF: A set of conditions that
AWS WAF searches for in web requests to AWS resources such as Amazon CloudFront distributions. You add rules to a
web ACL, and then
specify whether you want to allow or block web requests based on each
rule.

A testing location where you can test the functionality of your application
without affecting production, incurring charges, or purchasing products.

Amazon SES: An environment that is
designed for developers to test and evaluate the service. In the sandbox, you
have full access to the Amazon SES API, but you can only send messages to verified
email addresses and the mailbox simulator. To get out of the sandbox, you need
to apply for production access. Accounts in the sandbox also have lower sending limits than production
accounts.

Amazon Machine Learning: The information needed to interpret the input data for a
machine learning model, including attribute names and their assigned data types, and
the names of special attributes.

score cut-off value

Amazon Machine Learning: A binary classification model outputs a score that ranges
from 0 to 1. To decide whether an observation should be classified as 1 or 0, you pick
a classification threshold, or cut-off, and Amazon ML compares the score against
it. Observations with scores higher than the cut-off are predicted as target equals
1, and scores lower than the cut-off are predicted as target equals 0.

Amazon CloudSearch: Encapsulates your
searchable data and the search instances that handle your search requests. You
typically set up a separate Amazon CloudSearch domain for each different collection
of data
that you want to search.

Amazon CloudSearch: The URL that you
connect to when sending search requests to a search domain. Each Amazon CloudSearch
domain has
a unique search endpoint that remains the same for the life of the
domain.

Amazon CloudSearch: A compute resource that indexes your data and
processes search requests. An Amazon CloudSearch domain has one or more search
instances, each
with a finite amount of RAM and CPU resources. As your data volume grows, more
search instances or larger search instances are deployed to contain your indexed
data. When necessary, your index is automatically partitioned across multiple
search instances. As your request volume or complexity increases, each search
partition is automatically replicated to provide additional processing capacity.

search request

Amazon CloudSearch: A request that is
sent to an Amazon CloudSearch domain's search endpoint to retrieve documents
from the index
that match particular search criteria.

search result

Amazon CloudSearch: A document that
matches a search request. Also referred to as a search hit.

secret access key

A key that is used in conjunction with the access key ID to cryptographically sign programmatic AWS
requests. Signing a request identifies the sender and prevents the request from
being altered. You can generate secret access keys for your AWS account, individual IAM users, and temporary sessions.

security group

A named set of allowed inbound network connections for an instance. (Security
groups in Amazon VPC also include support
for outbound connections.) Each security group consists of a list of protocols,
ports, and IP address ranges. A security group can apply to multiple instances,
and multiple groups can regulate a single instance.

sender

The person or entity sending an email message.

Sender ID

A Microsoft-controlled version of SPF.
An email authentication and anti-spoofing system. For more information about
Sender ID, see Sender ID in Wikipedia.

An IAM role that grants permissions to an AWS
service so it can access AWS resources. The policies that you attach to the service role determine which AWS
resources the service can access and what it can do with those resources.

Secure Hash Algorithm. SHA1 is an earlier version of the algorithm, which AWS
has deprecated in favor of SHA256.

shard

Amazon Elasticsearch Service (Amazon ES): A partition of data in an
index. You can split an index into multiple shards, which can include primary
shards (original shards) and replica shards (copies of the primary shards).
Replica shards provide failover, which means that a replica shard is promoted
to a primary shard if a cluster node that contains a primary shard fails. Replica
shards also can handle requests.

Amazon EMR: A predefined bootstrap action that launches a script that
executes a series of commands in parallel before terminating the job flow.

signature

Refers to a digital signature, which is a mathematical
way to confirm the authenticity of a digital message. AWS uses signatures to
authenticate the requests you send to our web services. For more information,
go to https://aws.amazon.com/security.

SIGNATURE file

AWS Import/Export: A file you
copy to the root directory of your storage device. The file contains a job ID,
manifest file, and a signature.

Signature Version 4

Protocol for authenticating inbound API requests to AWS services in all
AWS regions.

A security measure to verify that an EC2 instance is the origin of all traffic that it sends and
the ultimate destination of all traffic that it receives; that is, that the
instance is not relaying traffic. Source/destination checking is enabled by
default. For instances that function as gateways, such as VPC NAT instances, source/destination checking
must be disabled.

spam

Unsolicited bulk email.

spamtrap

An email address that is set up by an anti-spam entity, not for correspondence, but to monitor
unsolicited email. This is also called a honeypot.

The price for a Spot Instance at
any given time. If your maximum price exceeds the current price and your
restrictions are met, Amazon EC2
launches instances on your behalf.

SQL injection match condition

AWS WAF: An attribute that specifies
the part of web requests, such as a header or a query string, that AWS WAF
inspects for malicious SQL code. Based on the specified conditions, you can
configure AWS WAF to allow or block web requests to AWS resources such as Amazon CloudFront distributions.

AWS OpsWorks: A set of instances that
you manage collectively, typically because they have a common purpose such as
serving PHP applications. A stack serves as a container and handles tasks that
apply to the group of instances as a whole, such as managing applications and
cookbooks.

station

AWS CodePipeline: A portion
of a pipeline workflow where one or more actions are performed.

station

A place at an AWS facility where your AWS Import/Export data is transferred on to,
or off of, your storage device.

statistic

One of five functions of the values submitted for a given sampling period. These functions
are Maximum, Minimum, Sum,
Average, and SampleCount.

stem

The common root or substring shared by a set of related words.

stemming

The process of mapping related words to a common stem. This enables matching
on variants of a word. For example, a search for "horse" could return matches
for horses, horseback, and horsing, as well as horse. Amazon CloudSearch supports both
dictionary-based and algorithmic stemming.

step

Amazon EMR: A single function applied to the data in a job flow. The sum of all steps comprises
a job flow.

step type

Amazon EMR: The type of work done in a step. There are a limited number
of step types, such as moving data from Amazon S3 to Amazon EC2 or from Amazon EC2 to Amazon S3.

sticky session

A feature of the Elastic Load Balancing load balancer that
binds a user's session to a specific application instance so that all requests
coming from the user during the session are sent to the same application
instance. By contrast, a load balancer by default routes each request
independently to the application instance with the smallest load.

stopping

The process of filtering stop words from an index or search request.

stopword

A word that is not indexed and is automatically filtered out of search
requests because it is either insignificant or so common that including it would
result in too many matches to be useful. Stop words are language-specific.

Before you calculate an HMAC signature,
you first assemble the required components in a canonical order. The
preencrypted string is the string-to-sign.

string match condition

AWS WAF: An attribute that specifies
the strings that AWS WAF searches for in a web request, such as a value in a
header or a query string. Based on the specified strings, you can configure
AWS WAF to allow or block web requests to AWS resources such as CloudFront distributions.

strongly consistent read

A read process that returns a response with the most up-to-date data,
reflecting the updates from all prior write operations that were
successful—regardless of the region.

A segment of the IP address range of a VPC that EC2 instances can be
attached to. You can create subnets to group instances according to security
and operational needs.

Subscription button

An HTML-coded button that enables an easy way to charge customers a recurring
fee.

suggester

Amazon CloudSearch: Specifies an index
field you want to use to get autocomplete suggestions and options that can
enable fuzzy matches and control how suggestions are sorted.

suggestions

Documents that contain a match for the partial search string in the field
designated by the suggester. Amazon CloudSearch suggestions include the
document IDs and field values for each matching document. To be a match, the
string must match the contents of the field starting from the beginning of the
field.

A type of bounce that occurs while
the email servers of the sender and
receiver are actively
communicating.

synonym

A word that is the same or nearly the same as an indexed word and that should
produce the same results when specified in a search request. For example, a
search for "Rocky Four" or "Rocky 4" should return the fourth
Rocky movie. This can be done by designating that
four and 4 are synonyms for IV.
Synonyms are language-specific.

Amazon SES: Also called
labeling. A way to format return path email addresses so that you can specify a
different return path for each recipient of a message. Tagging enables you to
support VERP. For example, if Andrew
manages a mailing list, he can use the return paths
andrew+recipient1@example.net and andrew+recipient2@example.net so that he can
determine which email bounced.

target attribute

Amazon Machine Learning (Amazon ML): The attribute in the input data that contains
the “correct” answers. Amazon ML uses the target attribute to learn how to make predictions
on new data. For example, if you were building a model for predicting the sale price
of a house, the target attribute would be “target sale price in USD.”

target revision

AWS CodeDeploy: The most recent
version of the application revision that has been uploaded to the repository
and will be deployed to the instances in a deployment group. In other words, the
application revision currently targeted for deployment. This is also the
revision that will be pulled for automatic deployments.

An EC2 instance that runs Hadoop map and reduce tasks, but does not
store data. Task nodes are managed by the master node, which assigns Hadoop tasks to nodes and
monitors their status. While a job flow is running you can increase and decrease
the number of task nodes. Because they don't store data and can be added and
removed from a job flow, you can use task nodes to manage the EC2 instance
capacity your job flow uses, increasing capacity to handle peak loads and
decreasing it later.

Task nodes only run a TaskTracker Hadoop daemon.

tebibyte (TiB)

A contraction of tera binary byte, a tebibyte is 2^40 or 1,099,511,627,776
bytes. A terabyte (TB) is 10^12 or 1,000,000,000,000 bytes. 1,024 TiB is a pebibyte.

template format version

The version of an AWS CloudFormation template design that determines the
available features. If you omit the AWSTemplateFormatVersion
section from your template, AWS CloudFormation assumes the most recent format
version.

template validation

The process of confirming the use of JSON code in an AWS CloudFormation
template. You can validate any AWS CloudFormation template using the
cfn-validate-template command.

The automatic restricting or slowing down of a process based on one or more
limits. Examples: Amazon Kinesis Streams throttles operations if an
application (or group of applications operating on the same stream) attempts
to get data from a shard at a rate faster than the shard limit. Amazon API Gateway uses throttling to limit
the steady-state request rates for a single account. Amazon SES uses throttling to reject attempts to send
email that exceeds the sending limits.

time series data

Data provided as part of a metric. The time value is assumed to be when the
value occurred. A metric is the fundamental concept for Amazon CloudWatch and represents a time-ordered set of data points.
You publish metric data points into CloudWatch and later retrieve statistics
about those data points as a time-series ordered data set.

The process of splitting a stream of text into separate tokens on detectable
boundaries such as whitespace and hyphens.

topic

A communication channel to send messages and subscribe to notifications. It
provides an access point for publishers and subscribers to communicate with each
other.

training datasource

A datasource that contains the data that Amazon Machine Learning uses to train the
machine learning model to make predictions.

transition

AWS CodePipeline: The act of
a revision in a pipeline continuing from one stage to the next in a
workflow.

Transport Layer Security (TLS)

A cryptographic protocol that provides security for communication over the
internet. Its predecessor is Secure Sockets Layer (SSL).

trust policy

An IAM policy that is an inherent part of an
IAM role. The trust policy specifies
which principals are allowed to use
the role.

trusted signers

AWS accounts that the CloudFront distribution owner
has given permission to create signed URLs for a distribution's content.

tuning

Selecting the number and type of AMIs to run a Hadoop job
flow most efficiently.

tunnel

A route for transmission of private network traffic that uses the internet to
connect nodes in the private network. The tunnel uses encryption and secure
protocols such as PPTP to prevent the traffic from being intercepted as it
passes through public routing nodes.

A person or application under an account that needs to make API calls to AWS products. Each
user has a unique name within the AWS account, and a set of security credentials
not shared with other users. These credentials are separate from the AWS
account's security credentials. Each user is associated with one and only one
AWS account.

V

Instances of attributes for an item, such as
cells in a spreadsheet. An attribute might have multiple values.

Tagging resources: A specific tag label
that acts as a descriptor within a tag category (key). For example, you might
have an EC2 instance with the tag key
of Owner and the tag value of Jan. You
can tag an AWS resource with up to
10 key–value pairs. Not all AWS resources can be tagged.

The process of confirming that you own an email address or a domain so that
you can send email from or to it.

VERP

Variable Envelope Return Path. A way in which email sending applications can
match bounced email with the
undeliverable address that caused the bounce by using a different return path for each recipient. VERP
is typically used for mailing lists. With VERP, the recipient's email address
is embedded in the address of the return path, which is where bounced email is
returned. This makes it possible to automate the processing of bounced email
without having to open the bounce messages, which may vary in content.

versioning

Every object in Amazon S3 has a key and a
version ID. Objects with the same key, but different version IDs can be stored
in the same bucket. Versioning is
enabled at the bucket layer using PUT Bucket versioning.

(VGW) The Amazon side of a VPN connection that maintains connectivity. The internal
interfaces of the virtual private gateway connect to your VPC via the VPN attachment and the external interfaces
connect to the VPN connection, which leads to the customer gateway.

visibility timeout

The period of time that a message is invisible to the rest of your application
after an application component gets it from the queue. During the visibility
timeout, the component that received the message usually processes it, and then
deletes it from the queue. This prevents multiple components from processing
the same message.

volume

A fixed amount of storage on an instance. You can share volume data between containers and persist the data on the
container instance when
the containers are no longer running.

VPC

Virtual private cloud. An elastic network populated by infrastructure,
platform, and application services that share common security and
interconnection.

VPC endpoint

A feature that enables you to create a private connection between your VPC and another AWS service without
requiring access over the internet, through a NAT instance, a VPN connection, or AWS Direct Connect.

AWS WAF: A set of rules that defines
the conditions that AWS WAF searches for in web requests to AWS resources such as Amazon CloudFront distributions. A
web access control list (web ACL) specifies whether to allow, block, or count
the requests.

X, Y, Z

A digital document that uses the X.509 public key infrastructure (PKI)
standard to verify that a public key belongs to the entity described in the
certificate.

yobibyte (YiB)

A contraction of yotta binary byte, a yobibyte is 2^80 or
1,208,925,819,614,629,174,706,176 bytes. A yottabyte (YB) is 10^24 or
1,000,000,000,000,000,000,000,000 bytes.

zebibyte (ZiB)

A contraction of zetta binary byte, a zebibyte is 2^70 or
1,180,591,620,717,411,303,424 bytes. A zettabyte (ZB) is 10^21 or
1,000,000,000,000,000,000,000 bytes. 1,024 ZiB is a yobibyte.

zone awareness

Amazon Elasticsearch Service (Amazon ES): A configuration that
distributes nodes in a cluster across two Availability Zones in the same region. Zone awareness helps to prevent data loss and minimizes
downtime in the event of node and data center failure. If you enable zone
awareness, you must have an even number of data instances in the instance count,
and you also must use the Amazon Elasticsearch Service Configuration API to replicate
your data for your Elasticsearch cluster.